Serghey Rodin преди 10 години
родител
ревизия
527e4a9a62
променени са 100 файла, в които са добавени 1293 реда и са изтрити 44 реда
  1. 6 0
      web/add/cron/index.php
  2. 7 1
      web/add/db/index.php
  3. 14 2
      web/add/dns/index.php
  4. 6 0
      web/add/firewall/index.php
  5. 7 1
      web/add/ip/index.php
  6. 14 2
      web/add/mail/index.php
  7. 8 2
      web/add/package/index.php
  8. 8 2
      web/add/user/index.php
  9. 8 2
      web/add/web/index.php
  10. 6 0
      web/bulk/backup/index.php
  11. 6 0
      web/bulk/cron/index.php
  12. 6 0
      web/bulk/db/index.php
  13. 6 0
      web/bulk/dns/index.php
  14. 6 0
      web/bulk/firewall/banlist/index.php
  15. 6 0
      web/bulk/firewall/index.php
  16. 6 0
      web/bulk/ip/index.php
  17. 6 0
      web/bulk/mail/index.php
  18. 6 0
      web/bulk/package/index.php
  19. 6 0
      web/bulk/restore/index.php
  20. 6 0
      web/bulk/service/index.php
  21. 6 0
      web/bulk/user/index.php
  22. 7 0
      web/bulk/vesta/index.php
  23. 6 0
      web/bulk/web/index.php
  24. 8 0
      web/css/jquery.arcticmodal.css
  25. 18 5
      web/css/styles.min.css
  26. 92 0
      web/css/uploadify.css
  27. 6 0
      web/delete/backup/index.php
  28. 6 0
      web/delete/cron/index.php
  29. 6 0
      web/delete/db/index.php
  30. 6 0
      web/delete/dns/index.php
  31. 6 0
      web/delete/firewall/banlist/index.php
  32. 6 0
      web/delete/firewall/index.php
  33. 6 0
      web/delete/ip/index.php
  34. 6 0
      web/delete/mail/index.php
  35. 6 0
      web/delete/package/index.php
  36. 6 0
      web/delete/user/index.php
  37. 6 0
      web/delete/web/index.php
  38. 7 0
      web/edit/backup/exclusions/index.php
  39. 7 0
      web/edit/cron/index.php
  40. 6 0
      web/edit/db/index.php
  41. 13 0
      web/edit/dns/index.php
  42. 7 0
      web/edit/firewall/index.php
  43. 13 0
      web/edit/mail/index.php
  44. 6 0
      web/edit/package/index.php
  45. 147 2
      web/edit/server/index.php
  46. 6 0
      web/edit/user/index.php
  47. 6 0
      web/edit/web/index.php
  48. 1 0
      web/inc/i18n/ar.php
  49. 1 0
      web/inc/i18n/bs.php
  50. 1 0
      web/inc/i18n/cn.php
  51. 1 0
      web/inc/i18n/cz.php
  52. 1 0
      web/inc/i18n/de.php
  53. 1 0
      web/inc/i18n/el.php
  54. 1 0
      web/inc/i18n/en.php
  55. 2 0
      web/inc/i18n/es.php
  56. 1 0
      web/inc/i18n/fi.php
  57. 1 0
      web/inc/i18n/fr.php
  58. 1 0
      web/inc/i18n/hu.php
  59. 1 0
      web/inc/i18n/id.php
  60. 1 0
      web/inc/i18n/it.php
  61. 1 0
      web/inc/i18n/nl.php
  62. 1 0
      web/inc/i18n/no.php
  63. 1 0
      web/inc/i18n/pt.php
  64. 1 0
      web/inc/i18n/ro.php
  65. 1 0
      web/inc/i18n/ru.php
  66. 1 0
      web/inc/i18n/se.php
  67. 1 0
      web/inc/i18n/tr.php
  68. 1 0
      web/inc/i18n/tw.php
  69. 1 0
      web/inc/i18n/ua.php
  70. 6 1
      web/inc/main.php
  71. 6 4
      web/js/app.js
  72. 1 0
      web/js/cheef-editor/jquery/jquery-1.8.3.min.js
  73. 48 1
      web/js/i18n.js.php
  74. 429 0
      web/js/jquery.arcticmodal.js
  75. 2 2
      web/js/jquery.finder.js
  76. 76 0
      web/js/pages/add.mail_acc.js
  77. 76 0
      web/js/pages/edit.mail_acc.js
  78. 1 1
      web/restart/service/index.php
  79. 1 1
      web/restart/system/index.php
  80. 1 1
      web/start/service/index.php
  81. 1 1
      web/stop/service/index.php
  82. 6 0
      web/suspend/cron/index.php
  83. 6 0
      web/suspend/db/index.php
  84. 6 0
      web/suspend/dns/index.php
  85. 6 0
      web/suspend/firewall/index.php
  86. 6 0
      web/suspend/mail/index.php
  87. 6 0
      web/suspend/user/index.php
  88. 6 0
      web/suspend/web/index.php
  89. 1 1
      web/templates/admin/add_cron.html
  90. 1 1
      web/templates/admin/add_db.html
  91. 1 1
      web/templates/admin/add_dns.html
  92. 1 1
      web/templates/admin/add_dns_rec.html
  93. 1 1
      web/templates/admin/add_firewall.html
  94. 1 1
      web/templates/admin/add_firewall_banlist.html
  95. 1 1
      web/templates/admin/add_ip.html
  96. 1 1
      web/templates/admin/add_mail.html
  97. 4 2
      web/templates/admin/add_mail_acc.html
  98. 1 1
      web/templates/admin/add_package.html
  99. 1 1
      web/templates/admin/add_user.html
  100. 1 1
      web/templates/admin/add_web.html

+ 6 - 0
web/add/cron/index.php

@@ -10,6 +10,12 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Check empty fields
     if ((!isset($_POST['v_min'])) || ($_POST['v_min'] == '')) $errors[] = __('minute');
     if ((!isset($_POST['v_hour'])) || ($_POST['v_hour'] == '')) $errors[] = __('hour');
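Review bot: The added token check compares with loose `!=`, which is not constant-time and is subject to PHP type juggling: if `$_SESSION['token']` is unset, an empty `token` field compares equal to `null` and the check passes. Whether the session always holds a token by this point depends on `inc/main.php`, which is not visible here. I would require a non-empty string on both sides and compare with `hash_equals()` (PHP 5.6+), for example `if (empty($_SESSION['token']) || !isset($_POST['token']) || !is_string($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) {`. The same condition is pasted into every add/, bulk/, edit/ and delete/ handler in this commit, so a single helper in `inc/main.php` would keep the copies from drifting, and logging each mismatch would make rejected requests visible to operators. The enclosing `if (!empty($_POST['ok']))` block continues outside the hunk.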

+ 7 - 1
web/add/db/index.php

@@ -9,6 +9,12 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Check empty fields
     if (empty($_POST['v_database'])) $errors[] = __('database');
     if (empty($_POST['v_dbuser'])) $errors[] = __('username');
@@ -91,7 +97,7 @@ if (!empty($_POST['ok'])) {
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('DATABASE_CREATED_OK',$user."_".$_POST['v_database'],$user."_".$_POST['v_database']);
+        $_SESSION['ok_msg'] = __('DATABASE_CREATED_OK',htmlentities($user)."_".htmlentities($_POST['v_database']),htmlentities($user)."_".htmlentities($_POST['v_database']));
         $_SESSION['ok_msg'] .= " / <a href=".$db_admin_link." target='_blank'>" . __('open %s',$db_admin) . "</a>";
         unset($v_database);
         unset($v_dbuser);
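Review bot: The new `htmlentities()` calls rely on default flags and charset, which differ between PHP versions: before 8.1 single quotes are left unescaped, and before 5.4 the input is treated as ISO-8859-1. Assuming `ok_msg` is printed into HTML by a template (not visible here), pin the behaviour with `htmlspecialchars($_POST['v_database'], ENT_QUOTES, 'UTF-8')` and the same for `$user`. The other `*_CREATED_OK` lines changed in web/add/dns, ip, mail, package, user and web use the same defaults. The unchanged next line still concatenates `$db_admin_link` into an unquoted `href`; if that value can be influenced by configuration or input, it needs quoting and escaping too.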

+ 14 - 2
web/add/dns/index.php

@@ -10,6 +10,12 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check POST request for dns domain
 if (!empty($_POST['ok'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Check empty fields
     if (empty($_POST['v_domain'])) $errors[] = __('domain');
     if (empty($_POST['v_ip'])) $errors[] = __('ip');
@@ -70,7 +76,7 @@ if (!empty($_POST['ok'])) {
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',$_POST[v_domain],$_POST[v_domain]);
+        $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
         unset($v_domain);
     }
 }
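Review bot: `$_POST[v_domain]` inside the new `htmlentities()` calls still uses a bare constant as the array key. PHP falls back to the constant's name with a notice (a warning from 7.2, an Error in PHP 8), so the escaping line only works by that fallback; write `htmlentities($_POST['v_domain'])`. The same applies to the `DNS_RECORD_CREATED_OK` line later in this file (`$_POST[v_rec]`, `$_POST[v_domain]`), the `MAIL_ACCOUNT_CREATED_OK` line in web/add/mail/index.php and both `WEB_DOMAIN_CREATED_OK` lines in web/add/web/index.php.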
@@ -79,6 +85,12 @@ if (!empty($_POST['ok'])) {
 // Check POST request for dns record
 if (!empty($_POST['ok_rec'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Check empty fields
     if (empty($_POST['v_domain'])) $errors[] = 'domain';
     if (empty($_POST['v_rec'])) $errors[] = 'record';
@@ -112,7 +124,7 @@ if (!empty($_POST['ok_rec'])) {
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',$_POST[v_rec],$_POST[v_domain]);
+        $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain]));
         unset($v_domain);
         unset($v_rec);
         unset($v_val);

+ 6 - 0
web/add/firewall/index.php

@@ -17,6 +17,12 @@ if ($_SESSION['user'] != 'admin') {
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Check empty fields
     if (empty($_POST['v_action'])) $errors[] = __('action');
     if (empty($_POST['v_protocol'])) $errors[] = __('protocol');

+ 7 - 1
web/add/ip/index.php

@@ -16,6 +16,12 @@ if ($_SESSION['user'] != 'admin') {
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Check empty fields
     if (empty($_POST['v_ip'])) $errors[] = __('ip address');
     if (empty($_POST['v_netmask'])) $errors[] = __('netmask');
@@ -61,7 +67,7 @@ if (!empty($_POST['ok'])) {
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('IP_CREATED_OK',$_POST['v_ip'],$_POST['v_ip']);
+        $_SESSION['ok_msg'] = __('IP_CREATED_OK',htmlentities($_POST['v_ip']),htmlentities($_POST['v_ip']));
         unset($v_ip);
         unset($v_netmask);
         unset($v_name);

+ 14 - 2
web/add/mail/index.php

@@ -11,6 +11,12 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check POST request for mail domain
 if (!empty($_POST['ok'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Check empty fields
     if (empty($_POST['v_domain'])) $errors[] = __('domain');
     if (!empty($errors[0])) {
@@ -59,7 +65,7 @@ if (!empty($_POST['ok'])) {
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('MAIL_DOMAIN_CREATED_OK',$_POST['v_domain'],$_POST['v_domain']);
+        $_SESSION['ok_msg'] = __('MAIL_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain']));
         unset($v_domain);
     }
 }
@@ -68,6 +74,12 @@ if (!empty($_POST['ok'])) {
 // Check POST request for mail account
 if (!empty($_POST['ok_acc'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Check empty fields
     if (empty($_POST['v_domain'])) $errors[] = __('domain');
     if (empty($_POST['v_account'])) $errors[] = __('account');
@@ -156,7 +168,7 @@ if (!empty($_POST['ok_acc'])) {
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',strtolower($_POST['v_account']),$_POST[v_domain],strtolower($_POST['v_account']),$_POST[v_domain]);
+        $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]));
         $_SESSION['ok_msg'] .= " / <a href=".$webmail." target='_blank'>" . __('open webmail') . "</a>";
         unset($v_account);
         unset($v_password);

+ 8 - 2
web/add/package/index.php

@@ -16,10 +16,16 @@ if ($_SESSION['user'] != 'admin') {
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Check empty fields
     if (empty($_POST['v_package'])) $errors[] = __('package');
     if (empty($_POST['v_web_template'])) $errors[] = __('web template');
-    if (!empty($_SESSION['WEB_SYSTEM'])) {
+    if (!empty($_SESSION['WEB_BACKEND'])) {
         if (empty($_POST['v_backend_template'])) $errors[] = __('backend template');
     }
     if (!empty($_SESSION['PROXY_SYSTEM'])) {
@@ -132,7 +138,7 @@ if (!empty($_POST['ok'])) {
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('PACKAGE_CREATED_OK',$_POST['v_package'],$_POST['v_package']);
+        $_SESSION['ok_msg'] = __('PACKAGE_CREATED_OK',htmlentities($_POST['v_package']),htmlentities($_POST['v_package']));
         unset($v_package);
     }
 

+ 8 - 2
web/add/user/index.php

@@ -16,6 +16,12 @@ if ($_SESSION['user'] != 'admin') {
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Check empty fields
     if (empty($_POST['v_username'])) $errors[] = __('user');
     if (empty($_POST['v_password'])) $errors[] = __('password');
@@ -93,8 +99,8 @@ if (!empty($_POST['ok'])) {
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('USER_CREATED_OK',$_POST['v_username'],$_POST['v_username']);
-        $_SESSION['ok_msg'] .= " / <a href=/login/?loginas=".$_POST['v_username'].">" . __('login as') ." ".$_POST['v_username']. "</a>";
+        $_SESSION['ok_msg'] = __('USER_CREATED_OK',htmlentities($_POST['v_username']),htmlentities($_POST['v_username']));
+        $_SESSION['ok_msg'] .= " / <a href=/login/?loginas=".htmlentities($_POST['v_username']).">" . __('login as') ." ".htmlentities($_POST['v_username']). "</a>";
         unset($v_username);
         unset($v_password);
         unset($v_email);
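Review bot: The `loginas` link on the second added line builds an unquoted `href` and places the username in a URL query, and `htmlentities()` is the wrong encoder for both: it leaves whitespace untouched, so a value containing a space would end the attribute, and it does not percent-encode. Use `rawurlencode()` for the query value, quote the attribute, and keep HTML escaping only for the link text, e.g. `" / <a href=\"/login/?loginas=".rawurlencode($_POST['v_username'])."\">"`. The backend presumably restricts usernames before this success path is reached, but that validation is not visible in the hunk, so the output encoding should not depend on it.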

+ 8 - 2
web/add/web/index.php

@@ -10,6 +10,12 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Check POST request
 if (!empty($_POST['ok'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Check for empty fields
     if (empty($_POST['v_domain'])) $errors[] = __('domain');
     if (empty($_POST['v_ip'])) $errors[] = __('ip');
@@ -314,7 +320,7 @@ if (!empty($_POST['ok'])) {
         }
 
         if (!empty($_SESSION['error_msg']) && $domain_added) {
-            $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',$_POST[v_domain],$_POST[v_domain]);
+            $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
             $_SESSION['flash_error_msg'] = $_SESSION['error_msg'];
             $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain']));
             header('Location: ' . $url);
@@ -324,7 +330,7 @@ if (!empty($_POST['ok'])) {
 
     // Flush field values on success
     if (empty($_SESSION['error_msg'])) {
-        $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',$_POST[v_domain],$_POST[v_domain]);
+        $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain]));
         unset($v_domain);
         unset($v_aliases);
         unset($v_ssl);

+ 6 - 0
web/bulk/backup/index.php

@@ -9,6 +9,12 @@ include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 $backup = $_POST['backup'];
 $action = $_POST['action'];
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 switch ($action) {
     case 'delete': $cmd='v-delete-user-backup';
         break;

+ 6 - 0
web/bulk/cron/index.php

@@ -6,6 +6,12 @@ session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 $job = $_POST['job'];
 $action = $_POST['action'];
 

+ 6 - 0
web/bulk/db/index.php

@@ -6,6 +6,12 @@ session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 $database = $_POST['database'];
 $action = $_POST['action'];
 

+ 6 - 0
web/bulk/dns/index.php

@@ -6,6 +6,12 @@ session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 $domain = $_POST['domain'];
 $record = $_POST['record'];
 $action = $_POST['action'];

+ 6 - 0
web/bulk/firewall/banlist/index.php

@@ -7,6 +7,12 @@ session_start();
 // Main include
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // Check user
 if ($_SESSION['user'] != 'admin') {
     header("Location: /list/user");

+ 6 - 0
web/bulk/firewall/index.php

@@ -7,6 +7,12 @@ session_start();
 // Main include
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // Check user
 if ($_SESSION['user'] != 'admin') {
     header("Location: /list/user");

+ 6 - 0
web/bulk/ip/index.php

@@ -6,6 +6,12 @@ session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 $ip = $_POST['ip'];
 $action = $_POST['action'];
 

+ 6 - 0
web/bulk/mail/index.php

@@ -6,6 +6,12 @@ session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 $domain = $_POST['domain'];
 $account = $_POST['account'];
 $action = $_POST['action'];

+ 6 - 0
web/bulk/package/index.php

@@ -6,6 +6,12 @@ session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 $package = $_POST['package'];
 $action = $_POST['action'];
 

+ 6 - 0
web/bulk/restore/index.php

@@ -6,6 +6,12 @@ session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 $action = $_POST['action'];
 $backup = escapeshellarg($_POST['backup']);
 

+ 6 - 0
web/bulk/service/index.php

@@ -6,6 +6,12 @@ session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 $service = $_POST['service'];
 $action = $_POST['action'];
 

+ 6 - 0
web/bulk/user/index.php

@@ -6,6 +6,12 @@ session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 $user = $_POST['user'];
 $action = $_POST['action'];
 

+ 7 - 0
web/bulk/vesta/index.php

@@ -6,6 +6,13 @@ session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
+
 $pkg = $_POST['pkg'];
 $action = $_POST['action'];
 

+ 6 - 0
web/bulk/web/index.php

@@ -6,6 +6,12 @@ session_start();
 
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 $domain = $_POST['domain'];
 $action = $_POST['action'];
 

+ 8 - 0
web/css/jquery.arcticmodal.css

@@ -0,0 +1,8 @@
+.arcticmodal-overlay,
+.arcticmodal-container { position: fixed; left: 0; top: 0; right: 0; bottom: 0; z-index: 1000; }
+.arcticmodal-container { overflow: auto; margin: 0; padding: 0; border: 0; border-collapse: collapse; }
+*:first-child+html .arcticmodal-container { height: 100% }
+.arcticmodal-container_i { height: 100%; margin: 0 auto; }
+.arcticmodal-container_i2 { padding: 24px; margin: 0; border: 0; vertical-align: middle; }
+.arcticmodal-error { padding: 20px; border-radius: 10px; background: #000; color: #fff; }
+.arcticmodal-loading { width: 80px; height: 80px; border-radius: 10px; background: #000 url(loading.gif) no-repeat 50% 50%; }

+ 18 - 5
web/css/styles.min.css

@@ -581,6 +581,7 @@ body {
 
 .body-login {
   height: auto;
+  padding-top: 10%;
   /*background: url(/images/edit_bg.png);*/
   background-color: #eee;
 }
@@ -1051,17 +1052,17 @@ div.l-content > div.l-separator:nth-of-type(4) {
 }
 .l-sort-toolbar .vst {
   padding: 0 12px;
-  color: #999;
+  color: #777;
   text-transform: uppercase;
   font-size: 11px;
   font-weight: bold;
   line-height: 30px;
 }
 .l-sort-toolbar .vst:hover {
-  color: #f79b44;
+  color: #ff6701;
 }
 .l-sort-toolbar .vst:active {
-  color: #f72b44;
+  color: #55C9C0;
 }
 .l-sort-toolbar .vst.selected {
   color: #ff6701;
@@ -1223,7 +1224,7 @@ div.l-content > div.l-separator:nth-of-type(4) {
 }
 
 .l-sort-toolbar .step-left {
-  padding-left: 45px;
+  padding-left: 40px;
 }
 .step-right {
   padding-right: 40px;
@@ -1391,6 +1392,9 @@ div.l-content > div.l-separator:nth-of-type(4) {
   content: '';
   width: 33px;
   height: 33px;
+  position: absolute;
+  top: 0;
+  right: 0;
 }
 .actions-panel__col a {
   line-height: 33px;
@@ -1400,9 +1404,13 @@ div.l-content > div.l-separator:nth-of-type(4) {
   padding-left: 13px;
   display: block;
   cursor: pointer;
+  position: relative;
+  padding-right: 36px;
 }
 .lang-ru .actions-panel__col a {
   font-size: 11px;
+  line-height: 31px;
+  padding-top: 2px;
 }
 .lang-tw .actions-panel__col a {
   font-size: 15px;
@@ -2104,6 +2112,11 @@ label {
   text-shadow: 0 0 0 #555;
   color: transparent !important;
 }
+
+.vst-list.long-2 {
+  width: 486px;
+  background-position: 502px -604px;
+}
 .vst-list option {
   padding: 6px 1px 6px 15px;
 }
@@ -2364,7 +2377,7 @@ td.hint {
   background-color: #fff;
   box-shadow: 0 2px 6px rgba(100, 100, 100, 0.3);
   font-family: Arial,Helvetica,sans-serif;
-  margin: 10% 0 0;
+  margin: 0;
   padding: 0;
   text-align: left;
   vertical-align: top;

+ 92 - 0
web/css/uploadify.css

@@ -0,0 +1,92 @@
+/*
+Uploadify
+Copyright (c) 2012 Reactive Apps, Ronnie Garcia
+Released under the MIT License <http://www.opensource.org/licenses/mit-license.php> 
+*/
+
+.uploadify {
+	position: relative;
+	margin-bottom: 1em;
+}
+.uploadify-button {
+	background-color: #505050;
+	background-image: linear-gradient(bottom, #505050 0%, #707070 100%);
+	background-image: -o-linear-gradient(bottom, #505050 0%, #707070 100%);
+	background-image: -moz-linear-gradient(bottom, #505050 0%, #707070 100%);
+	background-image: -webkit-linear-gradient(bottom, #505050 0%, #707070 100%);
+	background-image: -ms-linear-gradient(bottom, #505050 0%, #707070 100%);
+	background-image: -webkit-gradient(
+		linear,
+		left bottom,
+		left top,
+		color-stop(0, #505050),
+		color-stop(1, #707070)
+	);
+	background-position: center top;
+	background-repeat: no-repeat;
+	-webkit-border-radius: 30px;
+	-moz-border-radius: 30px;
+	border-radius: 30px;
+	border: 2px solid #808080;
+	color: #FFF;
+	font: bold 12px Arial, Helvetica, sans-serif;
+	text-align: center;
+	text-shadow: 0 -1px 0 rgba(0,0,0,0.25);
+	width: 100%;
+}
+.uploadify:hover .uploadify-button {
+	background-color: #606060;
+	background-image: linear-gradient(top, #606060 0%, #808080 100%);
+	background-image: -o-linear-gradient(top, #606060 0%, #808080 100%);
+	background-image: -moz-linear-gradient(top, #606060 0%, #808080 100%);
+	background-image: -webkit-linear-gradient(top, #606060 0%, #808080 100%);
+	background-image: -ms-linear-gradient(top, #606060 0%, #808080 100%);
+	background-image: -webkit-gradient(
+		linear,
+		left bottom,
+		left top,
+		color-stop(0, #606060),
+		color-stop(1, #808080)
+	);
+	background-position: center bottom;
+}
+.uploadify-button.disabled {
+	background-color: #D0D0D0;
+	color: #808080;
+}
+.uploadify-queue {
+	margin-bottom: 1em;
+}
+.uploadify-queue-item {
+	background-color: #F5F5F5;
+	-webkit-border-radius: 3px;
+	-moz-border-radius: 3px;
+	border-radius: 3px;
+	font: 11px Verdana, Geneva, sans-serif;
+	margin-top: 5px;
+	max-width: 350px;
+	padding: 10px;
+}
+.uploadify-error {
+	background-color: #FDE5DD !important;
+}
+.uploadify-queue-item .cancel a {
+	background: url('../img/uploadify-cancel.png') 0 0 no-repeat;
+	float: right;
+	height:	16px;
+	text-indent: -9999px;
+	width: 16px;
+}
+.uploadify-queue-item.completed {
+	background-color: #E5E5E5;
+}
+.uploadify-progress {
+	background-color: #E5E5E5;
+	margin-top: 10px;
+	width: 100%;
+}
+.uploadify-progress-bar {
+	background-color: #0099FF;
+	height: 3px;
+	width: 1px;
+}

+ 6 - 0
web/delete/backup/index.php

@@ -9,6 +9,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if (!empty($_GET['backup'])) {
     $v_username = escapeshellarg($user);
     $v_backup = escapeshellarg($_GET['backup']);
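Review bot: The token is read from `$_GET['token']`, so the anti-CSRF secret travels in the URL and ends up in access logs, browser history and `Referer` headers sent to external links or resources. The same applies to every `web/delete/*/index.php` section in this commit. Since these endpoints change state, I would move them to POST forms that carry the token in the body, matching the add/, bulk/ and edit/ handlers; if the GET links must stay, send `Referrer-Policy: same-origin` and issue a fresh token per session. In this file the `$user=$_GET['user']` override in the context lines runs before the check, which is harmless here but easier to audit if the token check comes first.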

+ 6 - 0
web/delete/cron/index.php

@@ -9,6 +9,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if (!empty($_GET['job'])) {
     $v_username = escapeshellarg($user);
     $v_job = escapeshellarg($_GET['job']);

+ 6 - 0
web/delete/db/index.php

@@ -9,6 +9,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if (!empty($_GET['database'])) {
     $v_username = escapeshellarg($user);
     $v_database = escapeshellarg($_GET['database']);

+ 6 - 0
web/delete/dns/index.php

@@ -10,6 +10,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // DNS domain
 if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
     $v_username = escapeshellarg($user);

+ 6 - 0
web/delete/firewall/banlist/index.php

@@ -13,6 +13,12 @@ if ($_SESSION['user'] != 'admin') {
     exit;
 }
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if ((!empty($_GET['ip'])) && (!empty($_GET['chain']))) {
     $v_ip = escapeshellarg($_GET['ip']);
     $v_chain = escapeshellarg($_GET['chain']);

+ 6 - 0
web/delete/firewall/index.php

@@ -13,6 +13,12 @@ if ($_SESSION['user'] != 'admin') {
     exit;
 }
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if (!empty($_GET['rule'])) {
     $v_rule = escapeshellarg($_GET['rule']);
     exec (VESTA_CMD."v-delete-firewall-rule ".$v_rule, $output, $return_var);

+ 6 - 0
web/delete/ip/index.php

@@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if ($_SESSION['user'] == 'admin') {
     if (!empty($_GET['ip'])) {
         $v_ip = escapeshellarg($_GET['ip']);

+ 6 - 0
web/delete/mail/index.php

@@ -10,6 +10,12 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
     $user=$_GET['user'];
 }
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // Mail domain
 if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
     $v_username = escapeshellarg($user);

+ 6 - 0
web/delete/package/index.php

@@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if ($_SESSION['user'] == 'admin') {
     if (!empty($_GET['package'])) {
         $v_package = escapeshellarg($_GET['package']);

+ 6 - 0
web/delete/user/index.php

@@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 if ($_SESSION['user'] == 'admin') {
     if (!empty($_GET['user'])) {
         $v_username = escapeshellarg($_GET['user']);

+ 6 - 0
web/delete/web/index.php

@@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // Delete as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
     $user=$_GET['user'];

+ 7 - 0
web/edit/backup/exclusions/index.php

@@ -66,6 +66,13 @@ foreach ($data['USER'] as $key => $value) {
 
 // Check POST request
 if (!empty($_POST['save'])) {
+
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     $v_web = $_POST['v_web'];
     $v_web_tmp = str_replace("\r\n", ",", $_POST['v_web']);
     $v_web_tmp = rtrim($v_web_tmp, ",");

+ 7 - 0
web/edit/cron/index.php

@@ -45,6 +45,13 @@ if ( $v_suspended == 'yes' ) {
 
 // Check POST request
 if (!empty($_POST['save'])) {
+
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     $v_username = $user;
     $v_min = escapeshellarg($_POST['v_min']);
     $v_hour = escapeshellarg($_POST['v_hour']);

+ 6 - 0
web/edit/db/index.php

@@ -52,6 +52,12 @@ if ( $v_suspended == 'yes' ) {
 if (!empty($_POST['save'])) {
     $v_username = $user;
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Change database user
     if (($v_dbuser != $_POST['v_dbuser']) && (empty($_SESSION['error_msg']))) {
         $v_dbuser = preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
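Review bot: The token check is added after `$v_username = $user;` rather than as the first statement of the `save` branch; the first hunks of web/edit/dns/index.php and web/edit/mail/index.php likewise place it after `$v_domain = escapeshellarg(...)`. Nothing state-changing runs before the check in the visible lines, but the other edit/ handlers in this commit put it directly under the `if`, and keeping that order everywhere prevents a later edit from slipping work ahead of the check. A one-line comment such as `// Must stay the first statement in this branch: rejects forged requests before any input is used` would record the intent. The body of the branch continues outside the hunk.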

+ 13 - 0
web/edit/dns/index.php

@@ -80,6 +80,12 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['record_id'])))  {
 if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
     $v_domain = escapeshellarg($_POST['v_domain']);
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Change domain IP
     if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
         $v_ip = escapeshellarg($_POST['v_ip']);
@@ -139,6 +145,13 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor
 
 // Check POST request for dns record
 if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
+
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Protect input
     $v_domain = escapeshellarg($_POST['v_domain']);
     $v_record_id = escapeshellarg($_POST['v_record_id']);

+ 7 - 0
web/edit/firewall/index.php

@@ -45,6 +45,13 @@ if ( $v_suspended == 'yes' ) {
 
 // Check POST request
 if (!empty($_POST['save'])) {
+
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     $v_rule = escapeshellarg($_GET['rule']);
     $v_action = escapeshellarg($_POST['v_action']);
     $v_protocol = escapeshellarg($_POST['v_protocol']);

+ 13 - 0
web/edit/mail/index.php

@@ -91,6 +91,12 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account'])))  {
 if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['account']))) {
     $v_domain = escapeshellarg($_POST['v_domain']);
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Delete antispam
     if (($v_antispam == 'yes') && (empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
         exec (VESTA_CMD."v-delete-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
@@ -173,6 +179,13 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['accou
 
 // Check POST request for mail account
 if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['account']))) {
+
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     $v_domain = escapeshellarg($_POST['v_domain']);
     $v_account = escapeshellarg($_POST['v_account']);
 

+ 6 - 0
web/edit/package/index.php

@@ -88,6 +88,12 @@ unset($output);
 // Check POST request
 if (!empty($_POST['save'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Check empty fields
     if (empty($_POST['v_package'])) $errors[] = __('package');
     if (empty($_POST['v_web_template'])) $errors[] = __('web template');

+ 147 - 2
web/edit/server/index.php

@@ -40,6 +40,15 @@ exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
 $languages = json_decode(implode('', $output), true);
 unset($output);
 
+// List dns cluster hosts
+exec (VESTA_CMD."v-list-remote-dns-hosts json", $output, $return_var);
+$dns_cluster = json_decode(implode('', $output), true);
+unset($output);
+foreach ($dns_cluster as $key => $value) {
+    $v_dns_cluster='yes';
+}
+
+
 // List backup settings
 $v_backup_dir = "/backup";
 if (!empty($_SESSION['BACKUP'])) $v_backup_dir = $_SESSION['BACKUP'];
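Review bot: The `foreach ($dns_cluster as $key => $value)` loop runs on whatever json_decode() returned, which is null when `v-list-remote-dns-hosts` prints nothing or invalid JSON, and PHP then raises an invalid-argument warning on each page load. The loop body only sets a flag, so `if (!empty($dns_cluster)) $v_dns_cluster = 'yes';` expresses the same thing without iterating. `$return_var` from the exec() call is not checked here either.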
@@ -56,7 +65,7 @@ foreach ($backup_types as $backup_type) {
         $v_backup_host = $v_remote_backup[$backup_type]['HOST'];
         $v_backup_type = $v_remote_backup[$backup_type]['TYPE'];
         $v_backup_username = $v_remote_backup[$backup_type]['USERNAME'];
-        $v_backup_password = "••••••••";
+        $v_backup_password = "";
         $v_backup_port = $v_remote_backup[$backup_type]['PORT'];
         $v_backup_bpath = $v_remote_backup[$backup_type]['BPATH'];
     }
@@ -65,6 +74,12 @@ foreach ($backup_types as $backup_type) {
 // Check POST request
 if (!empty($_POST['save'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Change hostname
     if ((!empty($_POST['v_hostname'])) && ($v_hostname != $_POST['v_hostname'])) {
         exec (VESTA_CMD."v-change-sys-hostname ".escapeshellarg($_POST['v_hostname']), $output, $return_var);
@@ -131,9 +146,131 @@ if (!empty($_POST['save'])) {
     // Disable local backup
     if (empty($_SESSION['error_msg'])) {
         if (($_POST['v_backup'] == 'no') && ($v_backup == 'yes' )) {
-            exec (VESTA_CMD."v-delete-backup-quota", $output, $return_var);
+            exec (VESTA_CMD."v-delete-backup-host local", $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            if (empty($_SESSION['error_msg'])) $v_backup = 'no';
+            $v_backup_adv = 'yes';
+        }
+    }
+
+    // Enable local backups
+    if (empty($_SESSION['error_msg'])) {
+        if (($_POST['v_backup'] == 'yes') && ($v_backup != 'yes' )) {
+            exec (VESTA_CMD."v-add-backup-host local", $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            if (empty($_SESSION['error_msg'])) $v_backup = 'yes';
+            $v_backup_adv = 'yes';
+        }
+    }
+
+
+    // Change backup gzip level
+    if (empty($_SESSION['error_msg'])) {
+        if ($_POST['v_backup_gzip'] != $v_backup_gzip ) {
+            exec (VESTA_CMD."v-change-sys-config-value BACKUP_GZIP ".escapeshellarg($_POST['v_backup_gzip']), $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            if (empty($_SESSION['error_msg'])) $v_backup_gzip = $_POST['v_backup_gzip'];
+            $v_backup_adv = 'yes';
+        }
+    }
+
+    // Change backup path
+    if (empty($_SESSION['error_msg'])) {
+        if ($_POST['v_backup_dir'] != $v_backup_dir ) {
+            exec (VESTA_CMD."v-change-sys-config-value BACKUP ".escapeshellarg($_POST['v_backup_dir']), $output, $return_var);
             check_return_code($return_var,$output);
             unset($output);
+            if (empty($_SESSION['error_msg'])) $v_backup_dir = $_POST['v_backup_dir'];
+            $v_backup_adv = 'yes';
+        }
+    }
+
+    // Add remote backup host
+    if (empty($_SESSION['error_msg'])) {
+        if ((!empty($_POST['v_backup_host'])) && (empty($v_backup_host))) {
+            $v_backup_host = escapeshellarg($_POST['v_backup_host']);
+            $v_backup_type = escapeshellarg($_POST['v_backup_type']);
+            $v_backup_username = escapeshellarg($_POST['v_backup_username']);
+            $v_backup_password = escapeshellarg($_POST['v_backup_password']);
+            $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
+            exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
+            if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
+            if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
+            if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
+            if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
+            $v_backup_new = 'yes';
+            $v_backup_adv = 'yes';
+            $v_backup_remote_adv = 'yes';
+        }
+    }
+
+    // Change remote backup host type
+    if (empty($_SESSION['error_msg'])) {
+        if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) {
+            exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var);
+            unset($output);
+
+            $v_backup_host = escapeshellarg($_POST['v_backup_host']);
+            $v_backup_type = escapeshellarg($_POST['v_backup_type']);
+            $v_backup_username = escapeshellarg($_POST['v_backup_username']);
+            $v_backup_password = escapeshellarg($_POST['v_backup_password']);
+            $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
+            exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
+            if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
+            if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
+            if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
+            if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
+            $v_backup_adv = 'yes';
+            $v_backup_remote_adv = 'yes';
+        }
+    }
+
+    // Change remote backup host
+    if (empty($_SESSION['error_msg'])) {
+        if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] == $v_backup_type) && (!isset($v_backup_new))) {
+            if (($_POST['v_backup_host'] != $v_backup_host) || ($_POST['v_backup_username'] != $v_backup_username) || ($_POST['v_backup_password'] || $v_backup_password) || ($_POST['v_backup_bpath'] == $v_backup_bpath)){
+                $v_backup_host = escapeshellarg($_POST['v_backup_host']);
+                $v_backup_type = escapeshellarg($_POST['v_backup_type']);
+                $v_backup_username = escapeshellarg($_POST['v_backup_username']);
+                $v_backup_password = escapeshellarg($_POST['v_backup_password']);
+                $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']);
+                exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var);
+                check_return_code($return_var,$output);
+                unset($output);
+                if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host'];
+                if (empty($_SESSION['error_msg'])) $v_backup_type = $_POST['v_backup_type'];
+                if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username'];
+                if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password'];
+                if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath'];
+                $v_backup_adv = 'yes';
+                $v_backup_remote_adv = 'yes';
+            }
+        }
+    }
+
+
+    // Delete remote backup host
+    if (empty($_SESSION['error_msg'])) {
+        if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) {
+            exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            if (empty($_SESSION['error_msg'])) $v_backup_host = '';
+            if (empty($_SESSION['error_msg'])) $v_backup_type = '';
+            if (empty($_SESSION['error_msg'])) $v_backup_username = '';
+            if (empty($_SESSION['error_msg'])) $v_backup_password = '';
+            if (empty($_SESSION['error_msg'])) $v_backup_bpath = '';
+            $v_backup_adv = '';
+            $v_backup_remote_adv = '';
         }
     }
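Review bot: The three `v-add-backup-host` calls wrap each argument in literal single quotes after it has already been through escapeshellarg(), and the adjacent quote pairs cancel each other out, so the POSTed type, host, username, password and path reach the shell unquoted. Drop the literal quotes and let escapeshellarg() do the quoting: `exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var);`. The two `v-delete-backup-host '". $v_backup_type ."'` calls appear to receive the stored, unescaped value and rely on the literal quotes alone; they should pass `escapeshellarg($v_backup_type)` instead. In the "Change remote backup host" condition, `($_POST['v_backup_password'] || $v_backup_password)` and `($_POST['v_backup_bpath'] == $v_backup_bpath)` look like typos for `!=`. The backup password is also handed over on the command line, where it may be readable from the process list by other local users.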
 
@@ -143,6 +280,14 @@ if (!empty($_POST['save'])) {
     }
 }
 
+// Check system configuration
+exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var);
+$data = json_decode(implode('', $output), true);
+$sys_arr = $data['config'];
+foreach ($sys_arr as $key => $value) {
+    $_SESSION[$key] = $value;
+}
+
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
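Review bot: The added loop copies every key of `$data['config']` into `$_SESSION` without checking that json_decode() returned an array or restricting the key names, so a failed `v-list-sys-config` call raises a foreach warning and a config key named like an existing session entry (`user`, `token`, `language`) would overwrite it. The keys seen elsewhere in this file are upper-case (`$_SESSION['BACKUP']`), so a collision is probably not reachable today, but a guard such as `if (!empty($data['config']) && is_array($data['config'])) {` around the loop, with the copy limited to an expected key list, keeps it that way. `$output` is reused here with no `unset($output)` inside the hunk, and exec() appends to an existing array; whether it was cleared beforehand is outside the visible lines.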
 

+ 6 - 0
web/edit/user/index.php

@@ -74,6 +74,12 @@ unset($output);
 // Check POST request
 if (!empty($_POST['save'])) {
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Change password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
         $v_password = tempnam("/tmp","vst");

+ 6 - 0
web/edit/web/index.php

@@ -100,6 +100,12 @@ unset($output);
 if (!empty($_POST['save'])) {
     $v_domain = escapeshellarg($_POST['v_domain']);
 
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
     // Change web domain IP
     if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
         $v_ip = escapeshellarg($_POST['v_ip']);

+ 1 - 0
web/inc/i18n/ar.php

@@ -346,6 +346,7 @@ $LANG['ar'] = array(
     'ranges are acceptable' => 'نطاقات مقبولة',
     'CDIR format is supported' => 'ويدعم صيغة CIDR',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 حساب',
     '%s accounts'  => 'حسابات %s',
     '1 domain'  => '1 نطاق',

+ 1 - 0
web/inc/i18n/bs.php

@@ -343,6 +343,7 @@ $LANG['bs'] = array(
     'ranges are acceptable' => 'rasponi su prihvatljivi',
     'CIDR format is supported' => 'CIDR format je podržan',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 račun',
     '%s accounts'  => '%s računa',
     '1 domain'  => '1 domena',

+ 1 - 0
web/inc/i18n/cn.php

@@ -348,6 +348,7 @@ $LANG['cn'] = array(
     'ranges are acceptable' => '範圍是可以接受的',
     'CIDR format is supported' => '支持CIDR格式',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 账户',
     '%s accounts'  => '%s 账户',
     '1 domain'  => '1 域名',

+ 1 - 0
web/inc/i18n/cz.php

@@ -349,6 +349,7 @@ $LANG['cz'] = array(
     'ranges are acceptable' => 'rozsahy jsou přijatelné',
     'CIDR format is supported' => 'Formát CIDR je podporován',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 účet',
     '%s accounts'  => '%s účtů',
     '1 domain'  => '1 doména',

+ 1 - 0
web/inc/i18n/de.php

@@ -348,6 +348,7 @@ $LANG['de'] = array(
     'ranges are acceptable' => 'Bereiche akzeptabel',
     'CIDR format is supported' => 'CIDR-Format wird unterstützt',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 Konto',
     '%s accounts'  => '%s Konten',
     '1 domain'  => '1 Domäne',

+ 1 - 0
web/inc/i18n/el.php

@@ -349,6 +349,7 @@ $LANG['el'] = array(
     'ranges are acceptable' => 'εύρος είναι αποδεκτό',
     'CIDR format is supported' => 'To format CIDR υποστηρίζεται',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 λογαριασμός',
     '%s accounts'  => '%s λογαριασμοί',
     '1 domain'  => '1 domain',

+ 1 - 0
web/inc/i18n/en.php

@@ -348,6 +348,7 @@ $LANG['en'] = array(
     'ranges are acceptable' => 'ranges are acceptable',
     'CIDR format is supported' => 'CIDR format is supported',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 account',
     '%s accounts'  => '%s accounts',
     '1 domain'  => '1 domain',

+ 2 - 0
web/inc/i18n/es.php

@@ -348,6 +348,7 @@ $LANG['es'] = array(
     'ranges are acceptable' => 'rangos son aceptables',
     'CIDR format is supported' => 'Formato CIDR se admite',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 cuenta',
     '%s accounts'  => '%s cuentas',
     '1 domain'  => '1 dominio',
@@ -467,4 +468,5 @@ $LANG['es'] = array(
     'RESET_CODE_SENT'  => 'El código de cambio de contraseña fue enviado a su correo<br>',
     'MAIL_RESET_SUBJECT'  => 'Cambio de Contraseña en %s',
     'PASSWORD_RESET_REQUEST' => "Para cambiar su contraseña del panel, por favor siga este link:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\nAlternativamente, puede dirigirse a https://%s/reset/?action=code&user=%s e ingresar el siguiente código de cambio:\n%s\n\nSi usted no ha solicitado un cambio de contraseña, por favor ignore este mensaje y acepte nuestras disculpas.\n\n--\nPanel de Control Vesta\n",
+'unlimited' => 'ES test'
 );

+ 1 - 0
web/inc/i18n/fi.php

@@ -352,6 +352,7 @@ $LANG['fi'] = array(
     'ranges are acceptable' => 'vaihteluvälit ovat hyväksyttäviä',
     'CIDR format is supported' => 'CIDR muotoa tuetaan',
 
+    'unlimited'  => 'unlimited',
     '1 account' => '1 tili',
     '%s accounts' => '%s tiliä',
     '1 domain' => '1 domain',

+ 1 - 0
web/inc/i18n/fr.php

@@ -350,6 +350,7 @@ $LANG['fr'] = array(
     'ranges are acceptable' => 'plages sont acceptables',
     'CIDR format is supported' => 'Le format CIDR est pris en charge',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 compte',
     '%s accounts'  => '%s comptes',
     '1 domain'  => '1 domaine',

+ 1 - 0
web/inc/i18n/hu.php

@@ -350,6 +350,7 @@ $LANG['hu'] = array(
     'ranges are acceptable' => 'tartományok megengedett',
     'CIDR format is supported' => 'CIDR formátum támogatott',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 fiók',
     '%s accounts'  => '%s fiók',
     '1 domain'  => '1 domain',

+ 1 - 0
web/inc/i18n/id.php

@@ -351,6 +351,7 @@ $LANG['id'] = array(
     'ranges are acceptable' => 'rentang diperbolehkan',
     'CIDR format is supported' => 'Format CIDR didukung',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 pengguna',
     '%s accounts'  => '%s pengguna',
     '1 domain'  => '1 domain',

+ 1 - 0
web/inc/i18n/it.php

@@ -349,6 +349,7 @@ $LANG['it'] = array(
     'ranges are acceptable' => 'gamme sono ammessi',
     'CIDR format is supported' => 'formato CIDR e supportato',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 account',
     '%s accounts'  => '%s account',
     '1 domain'  => '1 dominio',

+ 1 - 0
web/inc/i18n/nl.php

@@ -349,6 +349,7 @@ $LANG['nl'] = array(
     'ranges are acceptable' => 'marges zijn toegestaan',
     'CIDR format is supported' => 'CIDR-indeling wordt ondersteund',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 account',
     '%s accounts'  => '%s accounts',
     '1 domain'  => '1 domein',

+ 1 - 0
web/inc/i18n/no.php

@@ -349,6 +349,7 @@ $LANG['no'] = array(
     'ranges are acceptable' => 'områder er tillatt',
     'CIDR format is supported' => 'CIDR-format støttes',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 konto',
     '%s accounts'  => '%s kontoer',
     '1 domain'  => '1 domene',

+ 1 - 0
web/inc/i18n/pt.php

@@ -348,6 +348,7 @@ $LANG['pt'] = array(
     'ranges are acceptable' => 'gamas são permitidos',
     'CIDR format is supported' => 'formato CIDR é suportada',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 conta',
     '%s accounts'  => '%s contas',
     '1 domain'  => '1 domínio',

+ 1 - 0
web/inc/i18n/ro.php

@@ -350,6 +350,7 @@ $LANG['ro'] = array(
     'ranges are acceptable' => 'intervale sunt acceptabile',
     'CIDR format is supported' => 'format CIDR este suportat',
 
+    'unlimited'  => 'unlimited',
     '1 account' => '1 utilizator',
     '%s accounts' => '%s utilizatori',
     '1 domain' => '1 domeniu',

+ 1 - 0
web/inc/i18n/ru.php

@@ -350,6 +350,7 @@ $LANG['ru'] = array(
     'ranges are acceptable' => 'можно использовать диапазоны',
     'CIDR format is supported' => 'поддерживается формат CIDR',
 
+    'unlimited'  => 'неограничено',
     '1 account' => ' пользователей на странице: 1',
     '%s accounts' => 'пользователей на странице: %s',
     '1 domain' => 'доменов на странице: 1',

+ 1 - 0
web/inc/i18n/se.php

@@ -346,6 +346,7 @@ $LANG['se'] = array(
     'ranges are acceptable' => 'spannet är acceptabelt',
     'CIDR format is supported' => 'Stöd finns för CIDR-format',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 konto',
     '%s accounts'  => '%s konton',
     '1 domain'  => '1 domän',

+ 1 - 0
web/inc/i18n/tr.php

@@ -348,6 +348,7 @@ $LANG['tr'] = array(
     'ranges are acceptable' => 'kabul edilebilir aralıklar',
     'CIDR format is supported' => 'CIDR formatı destekleniyor',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 hesap',
     '%s accounts'  => '%s hesap',
     '1 domain'  => '1 alan adı',

+ 1 - 0
web/inc/i18n/tw.php

@@ -348,6 +348,7 @@ $LANG['tw'] = array(
     'ranges are acceptable' => '可使用範圍',
     'CIDR format is supported' => 'CIDR 格式是支援的',
 
+    'unlimited'  => 'unlimited',
     '1 account'  => '1 帳號',
     '%s accounts'  => '%s 帳號',
     '1 domain'  => '1 網域',

+ 1 - 0
web/inc/i18n/ua.php

@@ -350,6 +350,7 @@ $LANG['ua'] = array(
     'ranges are acceptable' => 'дозволені діапазони',
     'CIDR format is supported' => 'формат CIDR підтримується',
 
+    'unlimited'  => 'unlimited',
     '1 account' => ' 1 акаунт',
     '%s accounts' => '%s акаунтів',
     '1 domain' => '1 домен',

+ 6 - 1
web/inc/main.php

@@ -13,10 +13,15 @@ if ((!isset($_SESSION['user'])) && (!defined('NO_AUTH_REQUIRED'))) {
     $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
     header("Location: /login/");
     exit;
+
 }
 
 if (isset($_SESSION['user'])) {
     require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$_SESSION['language'].'.php');
+    if(!isset($_SESSION['token'])){
+        $token = uniqid(mt_rand(), true);
+        $_SESSION['token'] = $token;
+    }
 }
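Review bot: The CSRF token is built with `uniqid(mt_rand(), true)`, which is derived from the clock and a non-cryptographic generator and is therefore guessable in principle; a session-long secret should come from the CSPRNG. `$_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(32));` works on PHP 5.3+, and `random_bytes(32)` is the equivalent on PHP 7+. The token is created once and never rotated, so regenerating it at login would limit its lifetime; the login code is outside this hunk. The blank line added before the closing brace of the first `if` can be dropped.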
 
 
@@ -277,7 +282,7 @@ function display_error_block() {
                     });
                 </script>
                 <div id="dialog-message" title="">
-                    <p>'. $_SESSION['error_msg'] .'</p>
+                    <p>'. htmlentities($_SESSION['error_msg']) .'</p>
                 </div>
             </div>'."\n";
         unset($_SESSION['error_msg']);
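Review bot: The new `htmlentities($_SESSION['error_msg'])` call passes no flags or charset, so on PHP versions before 5.4 it assumes ISO-8859-1 and would garble the UTF-8 messages coming from the translated locale files. Spelling both out avoids depending on the runtime default: `<p>'. htmlspecialchars($_SESSION['error_msg'], ENT_QUOTES, 'UTF-8') .'</p>`. Any caller that deliberately places markup in `error_msg` will now see it rendered as text; whether such callers exist cannot be told from this hunk, so it is worth a grep before merging. display_error_block() starts outside the hunk.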

+ 6 - 4
web/js/app.js

@@ -710,14 +710,15 @@ var App = {
     Core: {},
     // CONSTANT VALUES
     Constants: {
-        UNLIM_VALUE: 'unlimited',
-        UNLIM_TRANSLATED_VALUE: 'unlimited'
+        UNLIM_VALUE: 'unlimited', // overritten in i18n.js.php
+        UNLIM_TRANSLATED_VALUE: 'unlimited' // overritten in i18n.js.php
     }, 
     // Actions. More widly used funcs
     Actions: {
         DB:      {},
         WEB:     {},
-        PACKAGE: {}
+        PACKAGE: {},
+        MAIL_ACC:{}
     },
     // Utilities
     Helpers: {},
@@ -732,7 +733,8 @@ var App = {
     Listeners: {
         DB:      {},
         WEB:     {},
-        PACKAGE: {}
+        PACKAGE: {},
+        MAIL_ACC:{}
     },
     View:{
         HTML: {

Файловите разлики са ограничени, защото са твърде много
+ 1 - 0
web/js/cheef-editor/jquery/jquery-1.8.3.min.js


+ 48 - 1
web/js/i18n.js.php

@@ -1 +1,48 @@
-App.i18n.ARE_YOU_SURE = '<?php echo __('Are you sure?') ?>';
+<?php
+session_start();
+if (empty($_SESSION['language'])) {
+    $_SESSION['language'] = 'en';
+}
+require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$_SESSION['language'].'.php');
+
+if (!function_exists('_translate')) {
+    function _translate() {
+        global $LANG;
+
+        $args = func_get_args();
+        $l = $args[0];
+
+        if (!$l) return 'NO LANGUAGE DEFINED';
+        $key = $args[1];
+
+        if (!isset($LANG[$l])) {
+            require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$l.'.php');
+        }
+
+        if (!isset($LANG[$l][$key])) {
+            $text=$key;
+        } else {
+            $text=$LANG[$l][$key];
+        }
+
+        array_shift($args);
+        if (count($args)>1) {
+            $args[0] = $text;
+            return call_user_func_array("sprintf",$args);
+        } else {
+            return $text;
+        }
+    }
+}
+
+if (!function_exists('__')) {
+    function __() {
+        $args = func_get_args();
+        array_unshift($args,$_SESSION['language']);
+        return call_user_func_array("_translate",$args);
+    }
+}
+?>
+
+App.i18n.ARE_YOU_SURE     = '<?php echo __('Are you sure?') ?>';
+App.Constants.UNLIM_VALUE = '<?php echo __('unlimited') ?>';
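Review bot: The two `echo __('...')` lines at the end write the translation straight into a single-quoted JavaScript literal, so a translation containing an apostrophe or a backslash breaks the script, and nothing encodes the value for the JavaScript context. Emitting the literal through json_encode() handles the quoting: `App.Constants.UNLIM_VALUE = <?php echo json_encode(__('unlimited')) ?>;`, and likewise for `ARE_YOU_SURE`. The `require_once` paths are built from `$_SESSION['language']` and `$l` with no validation; where the session value is set is not visible here, so it should be checked against the list of shipped locale files before being used in an include path. `_translate()` and `__()` duplicate helpers that presumably already exist in main.php, which the `function_exists` guards suggest; sharing one definition would avoid the copies diverging.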

+ 429 - 0
web/js/jquery.arcticmodal.js

@@ -0,0 +1,429 @@
+/*
+
+ arcticModal — jQuery plugin
+ Version: 0.3
+ Author: Sergey Predvoditelev (sergey.predvoditelev@gmail.com)
+ Company: Arctic Laboratory (http://arcticlab.ru/)
+
+ Docs & Examples: http://arcticlab.ru/arcticmodal/
+
+ */
+(function($) {
+
+
+	var default_options = {
+
+		type: 'html', // ajax или html
+		content: '',
+		url: '',
+		ajax: {},
+		ajax_request: null,
+
+		closeOnEsc: true,
+		closeOnOverlayClick: true,
+
+		clone: false,
+
+		overlay: {
+			block: undefined,
+			tpl: '<div class="arcticmodal-overlay"></div>',
+			css: {
+				backgroundColor: '#000',
+				opacity: .6
+			}
+		},
+
+		container: {
+			block: undefined,
+			tpl: '<div class="arcticmodal-container"><table class="arcticmodal-container_i"><tr><td class="arcticmodal-container_i2"></td></tr></table></div>'
+		},
+
+		wrap: undefined,
+		body: undefined,
+
+		errors: {
+			tpl: '<div class="arcticmodal-error arcticmodal-close"></div>',
+			autoclose_delay: 2000,
+			ajax_unsuccessful_load: 'Error'
+		},
+
+		openEffect: {
+			type: 'fade',
+			speed: 400
+		},
+		closeEffect: {
+			type: 'fade',
+			speed: 400
+		},
+
+		beforeOpen: $.noop,
+		afterOpen: $.noop,
+		beforeClose: $.noop,
+		afterClose: $.noop,
+		afterLoading: $.noop,
+		afterLoadingOnShow: $.noop,
+		errorLoading: $.noop
+
+	};
+
+
+	var modalID = 0;
+	var modals = $([]);
+
+
+	var utils = {
+
+
+		// Определяет произошло ли событие e вне блока block
+		isEventOut: function(blocks, e) {
+			var r = true;
+			$(blocks).each(function() {
+				if ($(e.target).get(0)==$(this).get(0)) r = false;
+				if ($(e.target).closest('HTML', $(this).get(0)).length==0) r = false;
+			});
+			return r;
+		}
+
+
+	};
+
+
+	var modal = {
+
+
+		// Возвращает элемент, которым был вызван плагин
+		getParentEl: function(el) {
+			var r = $(el);
+			if (r.data('arcticmodal')) return r;
+			r = $(el).closest('.arcticmodal-container').data('arcticmodalParentEl');
+			if (r) return r;
+			return false;
+		},
+
+
+		// Переход
+		transition: function(el, action, options, callback) {
+			callback = callback==undefined ? $.noop : callback;
+			switch (options.type) {
+				case 'fade':
+					action=='show' ? el.fadeIn(options.speed, callback) : el.fadeOut(options.speed, callback);
+					break;
+				case 'none':
+					action=='show' ? el.show() : el.hide();
+					callback();
+					break;
+			}
+		},
+
+
+		// Подготвка содержимого окна
+		prepare_body: function(D, $this) {
+
+			// Обработчик закрытия
+			$('.arcticmodal-close', D.body).unbind('click.arcticmodal').bind('click.arcticmodal', function() {
+				$this.arcticmodal('close');
+				return false;
+			});
+
+		},
+
+
+		// Инициализация элемента
+		init_el: function($this, options) {
+			var D = $this.data('arcticmodal');
+			if (D) return;
+
+			D = options;
+			modalID++;
+			D.modalID = modalID;
+
+			// Overlay
+			D.overlay.block = $(D.overlay.tpl);
+			D.overlay.block.css(D.overlay.css);
+
+			// Container
+			D.container.block = $(D.container.tpl);
+
+			// BODY
+			D.body = $('.arcticmodal-container_i2', D.container.block);
+			if (options.clone) {
+				D.body.html($this.clone(true));
+			} else {
+				$this.before('<div id="arcticmodalReserve' + D.modalID + '" style="display: none" />');
+				D.body.html($this);
+			}
+
+			// Подготовка содержимого
+			modal.prepare_body(D, $this);
+
+			// Закрытие при клике на overlay
+			if (D.closeOnOverlayClick)
+				D.overlay.block.add(D.container.block).click(function(e) {
+					if (utils.isEventOut($('>*', D.body), e))
+						$this.arcticmodal('close');
+				});
+
+			// Запомним настройки
+			D.container.block.data('arcticmodalParentEl', $this);
+			$this.data('arcticmodal', D);
+			modals = $.merge(modals, $this);
+
+			// Показать
+			$.proxy(actions.show, $this)();
+			if (D.type=='html') return $this;
+
+			// Ajax-загрузка
+			if (D.ajax.beforeSend!=undefined) {
+				var fn_beforeSend = D.ajax.beforeSend;
+				delete D.ajax.beforeSend;
+			}
+			if (D.ajax.success!=undefined) {
+				var fn_success = D.ajax.success;
+				delete D.ajax.success;
+			}
+			if (D.ajax.error!=undefined) {
+				var fn_error = D.ajax.error;
+				delete D.ajax.error;
+			}
+			var o = $.extend(true, {
+				url: D.url,
+				beforeSend: function() {
+					if (fn_beforeSend==undefined) {
+						D.body.html('<div class="arcticmodal-loading" />');
+					} else {
+						fn_beforeSend(D, $this);
+					}
+				},
+				success: function(responce) {
+
+					// Событие после загрузки до показа содержимого
+					$this.trigger('afterLoading');
+					D.afterLoading(D, $this, responce);
+
+					if (fn_success==undefined) {
+						D.body.html(responce);
+					} else {
+						fn_success(D, $this, responce);
+					}
+					modal.prepare_body(D, $this);
+
+					// Событие после загрузки после отображения содержимого
+					$this.trigger('afterLoadingOnShow');
+					D.afterLoadingOnShow(D, $this, responce);
+
+				},
+				error: function() {
+
+					// Событие при ошибке загрузки
+					$this.trigger('errorLoading');
+					D.errorLoading(D, $this);
+
+					if (fn_error==undefined) {
+						D.body.html(D.errors.tpl);
+						$('.arcticmodal-error', D.body).html(D.errors.ajax_unsuccessful_load);
+						$('.arcticmodal-close', D.body).click(function() {
+							$this.arcticmodal('close');
+							return false;
+						});
+						if (D.errors.autoclose_delay)
+							setTimeout(function() {
+								$this.arcticmodal('close');
+							}, D.errors.autoclose_delay);
+					} else {
+						fn_error(D, $this);
+					}
+				}
+			}, D.ajax);
+			D.ajax_request = $.ajax(o);
+
+			// Запомнить настройки
+			$this.data('arcticmodal', D);
+
+		},
+
+
+		// Инициализация
+		init: function(options) {
+			options = $.extend(true, {}, default_options, options);
+			if ($.isFunction(this)) {
+				if (options==undefined) {
+					$.error('jquery.arcticmodal: Uncorrect parameters');
+					return;
+				}
+				if (options.type=='') {
+					$.error('jquery.arcticmodal: Don\'t set parameter "type"');
+					return;
+				}
+				switch (options.type) {
+					case 'html':
+						if (options.content=='') {
+							$.error('jquery.arcticmodal: Don\'t set parameter "content"');
+							return
+						}
+						var c = options.content;
+						options.content = '';
+
+						return modal.init_el($(c), options);
+						break;
+					case 'ajax':
+						if (options.url=='') {
+							$.error('jquery.arcticmodal: Don\'t set parameter "url"');
+							return;
+						}
+						return modal.init_el($('<div />'), options);
+						break;
+				}
+			} else {
+				return this.each(function() {
+					modal.init_el($(this), $.extend(true, {}, options));
+				});
+			}
+		}
+
+
+	};
+
+
+	var actions = {
+
+
+		// Показать
+		show: function() {
+			var $this = modal.getParentEl(this);
+			if ($this===false) {
+				$.error('jquery.arcticmodal: Uncorrect call');
+				return;
+			}
+			var D = $this.data('arcticmodal');
+
+			// Добавить overlay и container
+			D.overlay.block.hide();
+			D.container.block.hide();
+			$('BODY').append(D.overlay.block);
+			$('BODY').append(D.container.block);
+
+			// Событие
+			D.beforeOpen(D, $this);
+			$this.trigger('beforeOpen');
+
+			// Wrap
+			if (D.wrap.css('overflow')!='hidden') {
+				D.wrap.data('arcticmodalOverflow', D.wrap.css('overflow'));
+				var w1 = D.wrap.outerWidth(true);
+				D.wrap.css('overflow', 'hidden');
+				var w2 = D.wrap.outerWidth(true);
+				if (w2!=w1)
+					D.wrap.css('marginRight', (w2 - w1) + 'px');
+			}
+
+			// Скрыть предыдущие оверлеи
+			modals.not($this).each(function() {
+				var d = $(this).data('arcticmodal');
+				d.overlay.block.hide();
+			});
+
+			// Показать
+			modal.transition(D.overlay.block, 'show', modals.length>1 ? {type: 'none'} : D.openEffect);
+			modal.transition(D.container.block, 'show', modals.length>1 ? {type: 'none'} : D.openEffect, function() {
+				D.afterOpen(D, $this);
+				$this.trigger('afterOpen');
+			});
+
+			return $this;
+		},
+
+
+		// Закрыть
+		close: function() {
+			if ($.isFunction(this)) {
+				modals.each(function() {
+					$(this).arcticmodal('close');
+				});
+			} else {
+				return this.each(function() {
+					var $this = modal.getParentEl(this);
+					if ($this===false) {
+						$.error('jquery.arcticmodal: Uncorrect call');
+						return;
+					}
+					var D = $this.data('arcticmodal');
+
+					// Событие перед закрытием
+					if (D.beforeClose(D, $this)===false) return;
+					$this.trigger('beforeClose');
+
+					// Показать предыдущие оверлеи
+					modals.not($this).last().each(function() {
+						var d = $(this).data('arcticmodal');
+						d.overlay.block.show();
+					});
+
+					modal.transition(D.overlay.block, 'hide', modals.length>1 ? {type: 'none'} : D.closeEffect);
+					modal.transition(D.container.block, 'hide', modals.length>1 ? {type: 'none'} : D.closeEffect, function() {
+
+						// Событие после закрытия
+						D.afterClose(D, $this);
+						$this.trigger('afterClose');
+
+						// Если не клонировали - вернём на место
+						if (!D.clone)
+							$('#arcticmodalReserve' + D.modalID).replaceWith(D.body.find('>*'));
+
+						D.overlay.block.remove();
+						D.container.block.remove();
+						$this.data('arcticmodal', null);
+						if (!$('.arcticmodal-container').length) {
+							if (D.wrap.data('arcticmodalOverflow'))
+								D.wrap.css('overflow', D.wrap.data('arcticmodalOverflow'));
+							D.wrap.css('marginRight', 0);
+						}
+
+					});
+
+					if (D.type=='ajax')
+						D.ajax_request.abort();
+
+					modals = modals.not($this);
+				});
+			}
+		},
+
+
+		// Установить опции по-умолчанию
+		setDefault: function(options) {
+			$.extend(true, default_options, options);
+		}
+
+
+	};
+
+
+	$(function() {
+		default_options.wrap = $((document.all && !document.querySelector) ? 'html' : 'body');
+	});
+
+
+	// Закрытие при нажатии Escape
+	$(document).bind('keyup.arcticmodal', function(e) {
+		var m = modals.last();
+		if (!m.length) return;
+		var D = m.data('arcticmodal');
+		if (D.closeOnEsc && (e.keyCode===27))
+			m.arcticmodal('close');
+	});
+
+
+	$.arcticmodal = $.fn.arcticmodal = function(method) {
+
+		if (actions[method]) {
+			return actions[method].apply(this, Array.prototype.slice.call(arguments, 1));
+		} else if (typeof method==='object' || !method) {
+			return modal.init.apply(this, arguments);
+		} else {
+			$.error('jquery.arcticmodal: Method ' + method + ' does not exist');
+		}
+
+	};
+
+
+})(jQuery);

+ 2 - 2
web/js/jquery.finder.js

@@ -175,7 +175,7 @@
                         var c = f.get.clicks(p,o,$(this));
                         
                         var ref = $(e.target);
-                        if (ref.parents('.l-unit').hasClass('selected') && $('.l-unit.selected').length == 1) {
+                        if (ref.parents('.l-unit').hasClass('selected')/* && $('.l-unit.selected').length == 1*/) {
                             ref.parents('.l-unit').find('.ch-toggle').attr('checked', false);
                             ref.parents('.l-unit').removeClass('selected');
                             ref.parents('.l-unit').removeClass('selected-current');
@@ -481,7 +481,7 @@
         },
         singleClick: function(p,c,o) {
             var s = f.get.siblings(p,o);
-            f.h.off(s, o);
+            //f.h.off(s, o);
             f.h.on(c.current.v, o);
             f.set.clicks(c.current.v, null, null, p, o);
         },
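Review bot: Both changes in this file disable code by commenting it out rather than deleting it: the `/* && $('.l-unit.selected').length == 1*/` fragment left inside the `if` condition and `//f.h.off(s, o);` in `singleClick`. Remove the dead fragments and state the intended behaviour in a comment instead, for example `// clicking a selected unit always deselects it, however many units are selected` above the `if`. Both enclosing functions start and end outside the hunks, so the effect on the other click paths cannot be checked from here.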

+ 76 - 0
web/js/pages/add.mail_acc.js

@@ -0,0 +1,76 @@
+App.Actions.MAIL_ACC.enable_unlimited = function(elm, source_elm) {
+    $(elm).data('checked', true);
+    $(elm).data('prev_value', $(elm).val()); // save prev value in order to restore if needed
+    $(elm).val(App.Constants.UNLIM_VALUE);
+    $(elm).attr('disabled', true);
+    $(source_elm).css('opacity', '1');
+}
+
+App.Actions.MAIL_ACC.disable_unlimited = function(elm, source_elm) {
+    $(elm).data('checked', false);
+    if ($(elm).data('prev_value') && $(elm).data('prev_value').trim() != '') {
+        var prev_value = $(elm).data('prev_value').trim();
+        $(elm).val(prev_value);
+        if (App.Helpers.isUnlimitedValue(prev_value)) {
+            $(elm).val('0');
+        }
+    }
+    else {
+        if (App.Helpers.isUnlimitedValue($(elm).val())) {
+            $(elm).val('0');
+        }
+    }
+    $(elm).attr('disabled', false);
+    $(source_elm).css('opacity', '0.5');
+}
+
+// 
+App.Actions.MAIL_ACC.toggle_unlimited_feature = function(evt) {
+    var elm = $(evt.target);
+    var ref = elm.prev('.vst-input');
+    if (!$(ref).data('checked')) {
+        App.Actions.MAIL_ACC.enable_unlimited(ref, elm);
+    }
+    else {
+        App.Actions.MAIL_ACC.disable_unlimited(ref, elm);
+    }
+}
+
+App.Listeners.MAIL_ACC.checkbox_unlimited_feature = function() {
+    $('.unlim-trigger').on('click', App.Actions.MAIL_ACC.toggle_unlimited_feature);
+}
+
+App.Listeners.MAIL_ACC.init = function() {
+    $('.unlim-trigger').each(function(i, elm) {
+        var ref = $(elm).prev('.vst-input');
+        if (App.Helpers.isUnlimitedValue($(ref).val())) {
+            App.Actions.MAIL_ACC.enable_unlimited(ref, elm);
+        }
+        else {
+            $(ref).data('prev_value', $(ref).val());
+            App.Actions.MAIL_ACC.disable_unlimited(ref, elm);
+        }
+    });
+}
+
+App.Helpers.isUnlimitedValue = function(value) {
+    var value = value.trim();
+    if (value == App.Constants.UNLIM_VALUE || value == App.Constants.UNLIM_TRANSLATED_VALUE) {
+        return true;
+    }
+
+    return false;
+}
+
+//
+// Page entry point
+// Trigger listeners
+App.Listeners.MAIL_ACC.init();
+App.Listeners.MAIL_ACC.checkbox_unlimited_feature();
+$('form[name="v_quota"]').bind('submit', function(evt) {
+    $('input:disabled').each(function(i, elm) {
+        $(elm).attr('disabled', false);
+    });
+});
+
+
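Review bot: The submit handler at the end of the file binds to `form[name="v_quota"]`, but in add_mail_acc.html (same commit) `v_quota` is the name of the text input, so unless a form also carries that name the handler never runs and a quota field left disabled by `enable_unlimited` is omitted from the submitted form. When it does run, `$('input:disabled')` re-enables every disabled input on the page, not only the ones this script disabled. Bind to the enclosing form and scope the selector, e.g. `$('.unlim-trigger').closest('form').on('submit', function() { $(this).find('.vst-input:disabled').prop('disabled', false); });`. The disabled state is presentation only, so the server-side handler still has to validate the quota value it receives. web/js/pages/edit.mail_acc.js is an identical copy and has the same issue.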

+ 76 - 0
web/js/pages/edit.mail_acc.js

@@ -0,0 +1,76 @@
+App.Actions.MAIL_ACC.enable_unlimited = function(elm, source_elm) {
+    $(elm).data('checked', true);
+    $(elm).data('prev_value', $(elm).val()); // save prev value in order to restore if needed
+    $(elm).val(App.Constants.UNLIM_VALUE);
+    $(elm).attr('disabled', true);
+    $(source_elm).css('opacity', '1');
+}
+
+App.Actions.MAIL_ACC.disable_unlimited = function(elm, source_elm) {
+    $(elm).data('checked', false);
+    if ($(elm).data('prev_value') && $(elm).data('prev_value').trim() != '') {
+        var prev_value = $(elm).data('prev_value').trim();
+        $(elm).val(prev_value);
+        if (App.Helpers.isUnlimitedValue(prev_value)) {
+            $(elm).val('0');
+        }
+    }
+    else {
+        if (App.Helpers.isUnlimitedValue($(elm).val())) {
+            $(elm).val('0');
+        }
+    }
+    $(elm).attr('disabled', false);
+    $(source_elm).css('opacity', '0.5');
+}
+
+// 
+App.Actions.MAIL_ACC.toggle_unlimited_feature = function(evt) {
+    var elm = $(evt.target);
+    var ref = elm.prev('.vst-input');
+    if (!$(ref).data('checked')) {
+        App.Actions.MAIL_ACC.enable_unlimited(ref, elm);
+    }
+    else {
+        App.Actions.MAIL_ACC.disable_unlimited(ref, elm);
+    }
+}
+
+App.Listeners.MAIL_ACC.checkbox_unlimited_feature = function() {
+    $('.unlim-trigger').on('click', App.Actions.MAIL_ACC.toggle_unlimited_feature);
+}
+
+App.Listeners.MAIL_ACC.init = function() {
+    $('.unlim-trigger').each(function(i, elm) {
+        var ref = $(elm).prev('.vst-input');
+        if (App.Helpers.isUnlimitedValue($(ref).val())) {
+            App.Actions.MAIL_ACC.enable_unlimited(ref, elm);
+        }
+        else {
+            $(ref).data('prev_value', $(ref).val());
+            App.Actions.MAIL_ACC.disable_unlimited(ref, elm);
+        }
+    });
+}
+
+App.Helpers.isUnlimitedValue = function(value) {
+    var value = value.trim();
+    if (value == App.Constants.UNLIM_VALUE || value == App.Constants.UNLIM_TRANSLATED_VALUE) {
+        return true;
+    }
+
+    return false;
+}
+
+//
+// Page entry point
+// Trigger listeners
+App.Listeners.MAIL_ACC.init();
+App.Listeners.MAIL_ACC.checkbox_unlimited_feature();
+$('form[name="v_quota"]').bind('submit', function(evt) {
+    $('input:disabled').each(function(i, elm) {
+        $(elm).attr('disabled', false);
+    });
+});
+
+
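Review bot: `App.Helpers.isUnlimitedValue` calls `value.trim()` without checking its argument, and `init` passes it `$(ref).val()`, which is `undefined` when an `.unlim-trigger` has no preceding `.vst-input`; the resulting TypeError stops the script before the click listener is attached. The `var value` inside the function also redeclares the parameter. Something like `var v = $.trim(value == null ? '' : String(value)); return v == App.Constants.UNLIM_VALUE || v == App.Constants.UNLIM_TRANSLATED_VALUE;` avoids both. This file repeats web/js/pages/add.mail_acc.js line for line and redefines the same `App.Actions.MAIL_ACC` and `App.Helpers` members, so the helper would be better defined once in a shared script.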

+ 1 - 1
web/restart/service/index.php

@@ -18,5 +18,5 @@ if ($_SESSION['user'] == 'admin') {
     unset($output);
 }
 
-header("Location: /list/services/");
+header("Location: /list/server/");
 exit;
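Review bot: Only the redirect target changes here and no token check is added, unlike the web/suspend/*/index.php files in this commit, although restarting a service is a state-changing request. If the lines above the hunk (not visible) do not already verify the session token, this endpoint stays exposed to cross-site request forgery against a logged-in admin and should get the same check near the top of the script, before the `if ($_SESSION['user'] == 'admin')` block. The same applies to web/restart/system/index.php, web/start/service/index.php and web/stop/service/index.php. The script body starts outside the hunk.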

+ 1 - 1
web/restart/system/index.php

@@ -13,5 +13,5 @@ if ($_SESSION['user'] == 'admin') {
     unset($output);
 }
 
-header("Location: /list/services/");
+header("Location: /list/server/");
 exit;

+ 1 - 1
web/start/service/index.php

@@ -18,5 +18,5 @@ if ($_SESSION['user'] == 'admin') {
     unset($output);
 }
 
-header("Location: /list/services/");
+header("Location: /list/server/");
 exit;

+ 1 - 1
web/stop/service/index.php

@@ -18,5 +18,5 @@ if ($_SESSION['user'] == 'admin') {
     unset($output);
 }
 
-header("Location: /list/services/");
+header("Location: /list/server/");
 exit;

+ 6 - 0
web/suspend/cron/index.php

@@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // Check user
 if ($_SESSION['user'] != 'admin') {
     header("Location: /list/user");
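Review bot: The token check uses a loose `!=` and never requires `$_SESSION['token']` to be set and non-empty, so when the session holds no token an empty `token` parameter compares equal to it and the check passes; whether the login code always sets the token is not visible here. Require a non-empty session token and a string parameter, and compare with a timing-safe function where PHP 5.6+ is available: `if (empty($_SESSION['token']) || !isset($_GET['token']) || !is_string($_GET['token']) || !hash_equals($_SESSION['token'], $_GET['token'])) {`. Carrying the token in the query string also exposes it to access logs, browser history and Referer headers, so moving these actions to POST is worth considering. The identical block is added to the db, dns, firewall, mail, user and web scripts under web/suspend/, and each script continues past the end of its hunk.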

+ 6 - 0
web/suspend/db/index.php

@@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // Check user
 if ($_SESSION['user'] != 'admin') {
     header("Location: /list/user");

+ 6 - 0
web/suspend/dns/index.php

@@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // Check user
 if ($_SESSION['user'] != 'admin') {
     header("Location: /list/user");

+ 6 - 0
web/suspend/firewall/index.php

@@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // Check user
 if ($_SESSION['user'] != 'admin') {
     header("Location: /list/user");

+ 6 - 0
web/suspend/mail/index.php

@@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // Check user
 if ($_SESSION['user'] != 'admin') {
     header("Location: /list/user");

+ 6 - 0
web/suspend/user/index.php

@@ -5,6 +5,12 @@ session_start();
 $TAB = 'USER';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // Check user
 if ($_SESSION['user'] != 'admin') {
     header("Location: /list/user");

+ 6 - 0
web/suspend/web/index.php

@@ -5,6 +5,12 @@ ob_start();
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('location: /login/');
+    exit();
+}
+
 // Check user
 if ($_SESSION['user'] != 'admin') {
     header("Location: /list/user");

+ 1 - 1
web/templates/admin/add_cron.html

@@ -4,7 +4,7 @@
                 <span class="title"><b><?=__('Adding Cron Job')?></b></span>
                   <?php
                     if (!empty($_SESSION['error_msg'])) {
-                      echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                      echo "<span class=\"vst-error\"> → ".htmlentities($_SESSION['error_msg'])."</span>";
                     } else {
                       if (!empty($_SESSION['ok_msg'])) {
                         echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";
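Review bot: `htmlentities($_SESSION['error_msg'])` is called without flags or charset, so single quotes stay unescaped and, on PHP versions older than 5.4, the ISO-8859-1 default can garble UTF-8 (for example translated) messages; `htmlspecialchars($_SESSION['error_msg'], ENT_QUOTES, 'UTF-8')` is the safer form. The `ok_msg` branch two lines below is still echoed raw; if that message can contain request-derived text, the parts that are not intentional markup need escaping where the message is built. The same one-line change repeats in the other add_*.html templates in this commit. The PHP block continues past the end of the hunk.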

+ 1 - 1
web/templates/admin/add_db.html

@@ -4,7 +4,7 @@
                 <span class="title"><b><?=__('Adding database')?></b></span>
                   <?php
                     if (!empty($_SESSION['error_msg'])) {
-                      echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                      echo "<span class=\"vst-error\"> → ".htmlentities($_SESSION['error_msg'])."</span>";
                     } else {
                       if (!empty($_SESSION['ok_msg'])) {
                         echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";

+ 1 - 1
web/templates/admin/add_dns.html

@@ -4,7 +4,7 @@
                 <span class="title"><b><?=__('Adding DNS Domain')?></b></span>
                   <?php
                     if (!empty($_SESSION['error_msg'])) {
-                      echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                      echo "<span class=\"vst-error\"> → ".htmlentities($_SESSION['error_msg'])."</span>";
                     } else {
                       if (!empty($_SESSION['ok_msg'])) {
                         echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";

+ 1 - 1
web/templates/admin/add_dns_rec.html

@@ -4,7 +4,7 @@
                 <span class="title"><b><?=__('Adding DNS Record')?></b></span>
                   <?php
                     if (!empty($_SESSION['error_msg'])) {
-                      echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                      echo "<span class=\"vst-error\"> → ".htmlentities($_SESSION['error_msg'])."</span>";
                     } else {
                       if (!empty($_SESSION['ok_msg'])) {
                         echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";

+ 1 - 1
web/templates/admin/add_firewall.html

@@ -4,7 +4,7 @@
                 <span class="title"><b><?=__('Adding Firewall Rule')?></b></span>
                   <?php
                     if (!empty($_SESSION['error_msg'])) {
-                      echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                      echo "<span class=\"vst-error\"> → ".htmlentities($_SESSION['error_msg'])."</span>";
                     } else {
                       if (!empty($_SESSION['ok_msg'])) {
                         echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";

+ 1 - 1
web/templates/admin/add_firewall_banlist.html

@@ -4,7 +4,7 @@
                 <span class="title"><b><?=__('Adding IP Address to Banlist')?></b></span>
                   <?php
                     if (!empty($_SESSION['error_msg'])) {
-                      echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                      echo "<span class=\"vst-error\"> → ".htmlentities($_SESSION['error_msg'])."</span>";
                     } else {
                       if (!empty($_SESSION['ok_msg'])) {
                         echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";

+ 1 - 1
web/templates/admin/add_ip.html

@@ -4,7 +4,7 @@
                 <span class="title"><b><?=__('Adding IP address')?></b></span>
                   <?php
                     if (!empty($_SESSION['error_msg'])) {
-                      echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                      echo "<span class=\"vst-error\"> → ".htmlentities($_SESSION['error_msg'])."</span>";
                     } else {
                       if (!empty($_SESSION['ok_msg'])) {
                         echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";

+ 1 - 1
web/templates/admin/add_mail.html

@@ -4,7 +4,7 @@
                 <span class="title"><b><?=__('Adding Mail Domain')?></b></span>
                   <?php
                     if (!empty($_SESSION['error_msg'])) {
-                      echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                      echo "<span class=\"vst-error\"> → ".htmlentities($_SESSION['error_msg'])."</span>";
                     } else {
                       if (!empty($_SESSION['ok_msg'])) {
                         echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";

+ 4 - 2
web/templates/admin/add_mail_acc.html

@@ -4,7 +4,7 @@
                 <span class="title"><b><?=__('Adding Mail Account')?></b></span>
                   <?php
                     if (!empty($_SESSION['error_msg'])) {
-                      echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                      echo "<span class=\"vst-error\"> → ".htmlentities($_SESSION['error_msg'])."</span>";
                     } else {
                       if (!empty($_SESSION['ok_msg'])) {
                         echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";
@@ -107,6 +107,7 @@
                                     <tr>
                                         <td>
                                             <input type="text" size="20" class="vst-input" name="v_quota" <?php if (!empty($v_quota)) echo "value=".htmlentities($v_quota); ?>>
+                                            <img class="unlim-trigger" id="unlim-quota" src="/images/unlim.png" />
                                         </td>
                                     </tr>
                                 <tr>
@@ -152,4 +153,5 @@
         </tr>
     </table>
     </form>
-  </div>
+  </div>
+  <script type="text/javascript" src="/js/pages/edit.package.js"></script>
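Review bot: The `v_quota` input next to the new `unlim-trigger` image emits `value=` followed by `htmlentities($v_quota)` without quotes, and htmlentities does not encode spaces, so a value containing whitespace ends the attribute and the remainder is parsed as further attributes of the `<input>`. Quote and escape it: `<?php if (!empty($v_quota)) echo 'value="'.htmlspecialchars($v_quota, ENT_QUOTES, 'UTF-8').'"'; ?>`. Separately, the last hunk loads `/js/pages/edit.package.js` although this commit adds `web/js/pages/add.mail_acc.js`; edit.package.js is not visible here, so confirm it is the script intended for this page. The added `<img>` also has no `alt` text.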

+ 1 - 1
web/templates/admin/add_package.html

@@ -4,7 +4,7 @@
                 <span class="title"><b><?=__('Adding Package')?></b></span>
                   <?php
                     if (!empty($_SESSION['error_msg'])) {
-                      echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                      echo "<span class=\"vst-error\"> → ".htmlentities($_SESSION['error_msg'])."</span>";
                     } else {
                       if (!empty($_SESSION['ok_msg'])) {
                         echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";

+ 1 - 1
web/templates/admin/add_user.html

@@ -4,7 +4,7 @@
                 <span class="title"><b><?=__('Adding User')?></b></span>
                   <?php
                     if (!empty($_SESSION['error_msg'])) {
-                      echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                      echo "<span class=\"vst-error\"> → ".htmlentities($_SESSION['error_msg'])."</span>";
                     } else {
                       if (!empty($_SESSION['ok_msg'])) {
                         echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";

+ 1 - 1
web/templates/admin/add_web.html

@@ -4,7 +4,7 @@
                 <span class="title"><b><?=__('Adding Domain')?></b></span>
                   <?php
                     if (!empty($_SESSION['error_msg'])) {
-                      echo "<span class=\"vst-error\"> → ".$_SESSION['error_msg']."</span>";
+                      echo "<span class=\"vst-error\"> → ".htmlentities($_SESSION['error_msg'])."</span>";
                     } else {
                       if (!empty($_SESSION['ok_msg'])) {
                         echo "<span class=\"vst-ok\"> → ".$_SESSION['ok_msg']."</span>";

Някои файлове не бяха показани, защото твърде много файлове са промени